Configuring Per-User Ip Acls Or Mac Address Filters; Enabling 802.1X Port Security - Dell PowerConnect B-RX Configuration Manual

Bigiron rx series configuration guide v02.8.00

33
Configuring 802.1x port security

Multiple IP ACLs and MAC address filters can be specified in the Filter ID attribute,
allowing multiple filters to be simultaneously applied to an 802.1x authenticated port.
Use commas, semicolons, or carriage returns to separate the filters (for example
ip.3.in,mac.2.in).

If 802.1x is enabled on a VE port, ACLs, dynamic (802.1x assigned) or static (user
configured), cannot be applied to the port.

Configuring per-user IP ACLs or MAC address filters

Per-user IP ACLs and MAC address filters make use of the Vendor-Specific (type 26) attribute to
dynamically apply filters to ports. Defined in the Vendor-Specific attribute are Brocade ACL or MAC
address filter statements. When the RADIUS server returns the Access-Accept message granting a
client access to the network, the BigIron RX reads the statements in the Vendor-Specific attribute
and applies these IP ACLs or MAC address filters to the client's port. When the client disconnects
from the network, the dynamically applied filters are no longer applied to the port. If any filters had
been applied to the port previous to the client connecting, then those filters are reapplied to the
port.

The following is the syntax for configuring the BigIron RX Vendor-Specific attribute with ACL or MAC
address filter statements.

Value                              Description
ipacl.e.in=<extended-acl-entries>  Applies the specified extended ACL entries to the 802.1x
                                   authenticated port in the inbound direction.
macfilter.in=<mac-filter-entries>  Applies the specified MAC address filter entries to the 802.1x
                                   authenticated port in the inbound direction.

The following table shows examples of IP ACLs and MAC address filters configured in the Brocade
Vendor-Specific attribute on a RADIUS server. These IP ACLs and MAC address filters follow the
same syntax as other Brocade ACLs and MAC address filters. Refer to Chapter 21, "Access Control
List" for information on syntax.

MAC address filter                   Vendor-specific attribute on RADIUS server
MAC address filter with one entry    macfilter.in= deny any any
MAC address filter with two entries  macfilter.in= permit 0000.0000.3333 ffff.ffff.0000 any,
                                     macfilter.in= permit 0000.0000.4444 ffff.ffff.0000 any

The RADIUS server allows one instance of the Vendor-Specific attribute to be sent in an
Access-Accept message. However, the Vendor-Specific attribute can specify multiple IP ACLs or
MAC address filters. You can use commas, semicolons, or carriage returns to separate the filters
(for example ipacl.e.in= permit ip any any,ipacl.e.in = deny ip any any).

Enabling 802.1x port security

By default, 802.1x port security is disabled on BigIron RX devices. To enable the feature on the
device and enter the dot1x configuration level, enter the following command.

BigIron RX(config)# dot1x-enable
BigIron RX(config-dot1x)#

Syntax: [no] dot1x-enable
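
A pre-deployment check for the Vendor-Specific attribute value described under "Configuring per-user IP ACLs or MAC address filters", as an added example that is not from the Brocade manual: it splits a value on the documented separators and flags misspelled keys or malformed MAC filter entries before the string goes into a RADIUS user profile. The permit/deny and MAC-token checks are assumptions based on the page's sample entries, and `parse_vsa` is a hypothetical helper name.

```python
import re

# Added example: key names come from the page; the checks are assumptions
# drawn from the page's sample entries, not Brocade's own validation logic.
KEYS = {"ipacl.e.in": "extended IP ACL", "macfilter.in": "MAC address filter"}
MAC_TOKEN = re.compile(r"^(any|[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})$", re.I)


def parse_vsa(value):
    """Split a Vendor-Specific attribute value into (key, entry) pairs.

    Returns (statements, errors). Statements are separated by commas,
    semicolons, or carriage returns, as the page describes.
    """
    statements, errors = [], []
    for raw in re.split(r"[,;\r\n]+", value):
        raw = raw.strip()
        if not raw:
            continue
        key, sep, entry = raw.partition("=")
        key, entry = key.strip(), entry.strip()
        if not sep or key not in KEYS:
            errors.append(f"unrecognized statement: {raw!r}")
            continue
        fields = entry.split()
        if not fields or fields[0] not in ("permit", "deny"):
            errors.append(f"{key}: entry must start with permit or deny: {entry!r}")
            continue
        if key == "macfilter.in" and not all(MAC_TOKEN.match(f) for f in fields[1:]):
            errors.append(f"{key}: bad MAC address or mask in {entry!r}")
            continue
        statements.append((key, entry))
    return statements, errors


if __name__ == "__main__":
    # Constructed sample: the page's two-entry MAC filter plus two mistakes
    # (a truncated MAC address and a misspelled key).
    sample = (
        "macfilter.in= permit 0000.0000.3333 ffff.ffff.0000 any,\n"
        "macfilter.in= permit 0000.0000.4444 ffff.ffff.0000 any;"
        "ipacl.e.in = deny ip any any;"
        "macfilter.in= permit 0000.0000.44 ffff.ffff.0000 any;"
        "macfliter.in= deny any any"
    )
    ok, bad = parse_vsa(sample)
    for key, entry in ok:
        print(f"{KEYS[key]:20} {entry}")
    for msg in bad:
        print("ERROR:", msg)
```
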
BigIron RX Series Configuration Guide
53-1002253-01
